Fix the wireguard setup, add a /128 for every node instead of prefix

wg/peer.go

@@ -21,9 +21,11 @@ func (w *Wireguard) peerToWgConfig(p Peer) (wgtypes.PeerConfig, error) {
 		return wgtypes.PeerConfig{}, err
 	}
 	overlay := p.OverlayIP()
+	// Add the peer itself as a /128 directly, so that the peer overlay ip is both
+	// accepted and added to the route table
 	allowed := []net.IPNet{{
 		IP:   overlay.Addr().AsSlice(),
-		Mask: net.CIDRMask(overlay.Bits(), overlay.Addr().BitLen()),
+		Mask: net.CIDRMask(overlay.Addr().BitLen(), overlay.Addr().BitLen()),
 	}}
 	for _, route := range p.Routes() {
 		allowed = append(allowed, net.IPNet{

wg/wireguard.go

@@ -89,16 +89,17 @@ func (w *Wireguard) Update(peers []Peer, mtu int) error {
 	}
 	// Setup peers, add routes even before we configure keys, this is harmless
 	// and makes the code way simpler
-	peerConfigs := make([]wgtypes.PeerConfig, len(peers))
-	for i, peer := range peers {
+	peerConfigs := []wgtypes.PeerConfig{}
+	for _, peer := range peers {
 		config, err := w.peerToWgConfig(peer)
 		if err != nil {
 			w.logger.Info("invalid peer", "name", peer.Hostname())
 			continue
 		}
+		w.logger.Info("new peer", "config", config)
 		for _, route := range config.AllowedIPs {
 			var gw net.IP
-			w.logger.Info("new route", "dest", route.String())
+			w.logger.Info("adding route", "dest", route.String())
 			scope := netlink.SCOPE_LINK
 			// Convert back and forth net and netip, this is ugly but makes
 			// the code structure simpler
@@ -117,7 +118,7 @@ func (w *Wireguard) Update(peers []Peer, mtu int) error {
 				w.logger.Error(err, "could not add route", "route", route)
 			}
 		}
-		peerConfigs[i] = config
+		peerConfigs = append(peerConfigs, config)
 	}
 	// Finally update the device crypto and peer list
 	err = w.client.ConfigureDevice(w.iface, wgtypes.Config{